Urgent: Migrate to TLS 1.2 by June 18th!

Those That Don’t Will Not be able to Connect and Process Through E-Complish

So, as this is being written, the deadline for migrating to electronic payment security protocol TLS (Transport Layer Security) 1.2 is approaching rapidly. As of June 18th, 2018, E-Complish clients who still haven’t upgraded to TLS 1.2 will find themselves unable to access our systems.

No, we haven’t put this policy in place to be mean! We are complying with the PCI Security Standards Council, which has set a deadline of June 30th, 2018 for merchants who need to do so to upgrade their systems. We at E-Complish have decided to push the envelope just a little and request that our clients be upgraded as necessary by the 18th of the month. We are also requesting that our clients upgrade to TLS 1.2 even though the Council’s demand is for an upgrade to at least TLS 1.1. Yes, we pride ourselves on adhering to the highest standards of security for our clients!

This is being done for the sake of tighter security, as hackers have become ever more sophisticated at stealing people’s personal and financial data, as infamous hacker attacks such as POODLE and Heartbleed have demonstrated. Any merchant or merchant website out of PCI compliance come July 1st will be unable to process credit and debit card payments. As we at E-Complish have stated elsewhere, in the modern business world being unable to process card payments is, for the vast majority of merchants, tantamount to being put out of business altogether.

Indeed, we stated as much in our press release back in March: “Non-compliance may very well lead to huge data breaches with catastrophic consequences for a merchant including lost inventory, lost customers, widespread negative publicity, lawsuits from financially harmed customers, and fines and lawsuits from credit card providers including VISA and MasterCard. In fact, a large enough data security breach could strip a merchant of their ability to accept credit cards or worse yet put a merchant out of business.”

The payment card industry has decided in recent years that it has to be proactive and stay ahead of hackers, which means upgrading security systems whenever possible and feasible before the bad guys have had enough time to figure out how to eavesdrop on or tamper with the messages being sent back and forth between customers, banks, and merchants when electronic payments are processed. TLS 1.2 is the most secure encryption system for electronic payments that has ever been designed. In the future, when an even more secure system has been devised, you can bet the farm that the PCI Council will set up a new deadline for migration to that new protocol.

International director of the PCI Security Standards Council Jeremy King explains: “To safeguard payment data in accordance with PCI-DSS, it is critically important that organizations upgrade to TLS 1.1 or higher as soon as possible and disable any fallback to SSL/early TLS. Because of its widespread use online, SSL/early TLS has been targeted by security researchers and attackers. Many serious vulnerabilities in SSL/early TLS…have been uncovered over the past 20 years, making it an unsafe method for protecting sensitive data. If left unaddressed, these serious vulnerabilities in SSL and early TLS that put organizations at risk of being breached. The widespread POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of weaknesses in SSL and early TLS to compromise organizations.”

Meanwhile, Julie Conroy, research director at Aite Group, tells us: “While we’ve known about this deadline since 2015, there are always laggards around various aspects of PCI compliance, and this is no exception. The problem of merchants running behind on security has been compounded as so many micro-merchants have come into existence over the past few years. Most of them believe they’re too small to be on hackers’ radar; they do not know that automation of attacks makes everyone a target.”

In reality, migrating to TLS 1.2 is, for a large percentage of our clients who still need to do so, a pretty easy thing to handle. We’re already prepared to have our customer service team instruct our clients who call in with problems related to the migration to simply upgrade their web browsers. All of the advanced browsers today including Google Chrome, FireFox, Safari, and Internet Explorer/Edge are already using TLS 1.2. Quite often, fixing any access problem with our systems is going to be as simple as upgrading to a better web browser.

We need to emphasize that we are super-serious about our clients utilizing TLS 1.2 as of June 18th. If your payment system isn’t migrated (if necessary) by that date, it won’t be able to talk to our system and our services won’t be available to you. For the sake of security, this isn’t an issue that we can make exceptions for or take lightly.

If you need additional assistance with the migration, E-Complish provides four different communication channels through which you can reach out to us: